Symbolic Execution of Floating-Point...

21
1 Nantes Nantes -- -- 24 Novembre 2005 24 Novembre 2005 1 Symbolic Symbolic Execution Execution of of Floating Floating- Point Point Computations Computations A A constraint constraint- based based testing testing approach approach Bernard Bernard Botella Botella Thales Thales Aerospace Aerospace Claude Michel Claude Michel Projet COPRIN Projet COPRIN INRIA Sophia INRIA Sophia- Antipolis Antipolis Arnaud Arnaud Gotlieb Gotlieb Projet LANDE Projet LANDE - IRISA IRISA INRIA Rennes INRIA Rennes 2 Nantes Nantes -- -- 24 Novembre 2005 24 Novembre 2005 Part Part of of the the ACI V ACI V 3 F Project : F Project : Validation & V Validation & Vé rification rification of of floating floating- point point computations computations Partners : - LIFC – INRIA Cassis (B. Legeard, …) - I3S – INRIA Coprin (C. Michel, M. Rueher, …) - IRISA – INRIA Vertecs / Lande (A.Gotlieb, T.Jéron,…) - CEA – Lsl/List (B. Marre, M. Martel, E. Goubault, …) http://lifc.univ-fcomte.fr/%7Ev3f/

Transcript of Symbolic Execution of Floating-Point...

Page 1: Symbolic Execution of Floating-Point Computationspeople.rennes.inria.fr/Arnaud.Gotlieb/publications/... · 1 Nantes -- 24 Novembre 2005 11 Symbolic Execution of Floating-Point Computations

1

Nantes Nantes ---- 24 Novembre 200524 Novembre 2005 11

SymbolicSymbolic ExecutionExecution ofofFloatingFloating--PointPoint ComputationsComputations

A A constraintconstraint--basedbased testingtesting approachapproach

Bernard Bernard BotellaBotellaThalesThales AerospaceAerospace

Claude MichelClaude MichelProjet COPRINProjet COPRININRIA SophiaINRIA Sophia--AntipolisAntipolis

Arnaud Arnaud GotliebGotliebProjet LANDE Projet LANDE -- IRISAIRISAINRIA RennesINRIA Rennes

22Nantes Nantes ---- 24 Novembre 200524 Novembre 2005

Part Part ofof thethe ACI VACI V33F Project : F Project :

Validation & VValidation & Véérification rification ofof floatingfloating--pointpoint computationscomputations

Partners :- LIFC – INRIA Cassis (B. Legeard, …)- I3S – INRIA Coprin (C. Michel, M. Rueher, …) - IRISA – INRIA Vertecs / Lande (A.Gotlieb, T.Jéron,…)- CEA – Lsl/List (B. Marre, M. Martel, E. Goubault, …)

http://lifc.univ-fcomte.fr/%7Ev3f/

Page 2: Symbolic Execution of Floating-Point Computationspeople.rennes.inria.fr/Arnaud.Gotlieb/publications/... · 1 Nantes -- 24 Novembre 2005 11 Symbolic Execution of Floating-Point Computations

2

33Nantes Nantes ---- 24 Novembre 200524 Novembre 2005

IntroductionIntroductionSymbolic Execution (SE): Evaluation of statements

with symbolic values along a control flow path

SE is exploited in several applications :- automatic test data generation [King 75, Clarke TSE’76, Meudec STVR’01]

- feasible path analysis [Goldberg et al. ISSTA’94]

- program proving [Chen et al. ISSTA’02]

- software model checking [Khushid et al. TACAS’03]...

Currently, floating-point variables are handledas reals or rationals in SE applications

44Nantes Nantes ---- 24 Novembre 200524 Novembre 2005

float foo( float x) {

float y = 1.0e12, z ;

1. if( x < 10000.0 )

2. z = x + y;

3. if( z > y)

4. …

Is the path 1-2-3-4 feasible ?

Path conditions:

x < 10000.0

x + 1.0e12 > 1.0e12

On the reals : x ∈ (0,10000)

On the floats : no solution !

Page 3: Symbolic Execution of Floating-Point Computationspeople.rennes.inria.fr/Arnaud.Gotlieb/publications/... · 1 Nantes -- 24 Novembre 2005 11 Symbolic Execution of Floating-Point Computations

3

55Nantes Nantes ---- 24 Novembre 200524 Novembre 2005

float foo( float x) {

float y = 1.0e12, z ;

1. if( x > 0.0 )

2. z = x + y;

3. if( z == y)

4. …

Is the path 1-2-3-4 feasible ?

Path conditions:

x > 0.0

x + 1.0e12 = 1.0e12

On the reals : no solution

On the floats: x ∈ (0, 32767.99…)

Conversely,

66Nantes Nantes ---- 24 Novembre 200524 Novembre 2005

Our Our roadmaproadmap

To To buildbuild a a constraintconstraint solversolver overover thethe floatsfloats

To combine To combine thethe solversolver overover thethe floatsfloats withwith a a finitefinite domaindomain constraintconstraint solversolver to deal to deal withwith mixedmixedcomputations computations

To To provideprovide adequateadequate labelling labelling strategiesstrategies overoverfloatingfloating--pointpoint variablesvariables

Page 4: Symbolic Execution of Floating-Point Computationspeople.rennes.inria.fr/Arnaud.Gotlieb/publications/... · 1 Nantes -- 24 Novembre 2005 11 Symbolic Execution of Floating-Point Computations

4

77Nantes Nantes ---- 24 Novembre 200524 Novembre 2005

OutlineOutline

IEEEIEEE--754 754 andand restrictionsrestrictions

Simple Simple SymbolicSymbolic ExecutionExecution

SolvingSolving pathpath conditions conditions overover thethe floatsfloats

CurrentCurrent implementationimplementation FPSEFPSE

FurtherFurther workwork

88Nantes Nantes ---- 24 Novembre 200524 Novembre 2005

BinaryBinary floatingfloating--pointpoint numbersnumbers (IEEE(IEEE--754)754)float : (s,f,e) a bit pattern of 32, 64 or more bits

0 < e < emax : Normalized

(-1)s 1.f 2 (e - bias)

e = 0 : Denormalized (-1)s 0.f 2 (– bias + 1)

+0.0, -0.0e = emax : +INF, -INF, NaNs

4 rounding modes (near,up,down,chop),5 types of fp_exceptionMonotony of rounding required

sign (1 bit)

significand (23, 52 bits or extended)

exponent (8, 11 bits or extended)

Page 5: Symbolic Execution of Floating-Point Computationspeople.rennes.inria.fr/Arnaud.Gotlieb/publications/... · 1 Nantes -- 24 Novembre 2005 11 Symbolic Execution of Floating-Point Computations

5

99Nantes Nantes ---- 24 Novembre 200524 Novembre 2005

- Poor (but well-done) approximation of the reals- finite set not uniformly distributed over the reals- associativity and distributivity are lost in general,…

- Absorption (Xf + ε == Xf),Cancellation ( Xf-Yf==K.( X-Y ) et K>>1)

For add,sub,mult,div,sqrt,rem and conv:the floating-point result of an operation betweenfloating-point numbers must be the rounding result ofthe exact operation over the reals

Ex : 999999995904f add 10000f yields to 999999995904f= near(999999995904f + 10000f)

AccuracyAccuracy requirementrequirement ofof IEEEIEEE--754754

1010Nantes Nantes ---- 24 Novembre 200524 Novembre 2005

ContextContext ofof thisthis workworkProgramsPrograms thatthat strictlystrictly conformconform to IEEEto IEEE--754754E ::= E add E |E subs E |E mult E |E div E

|E == E |E != E |E > E | E >= E|(float) E |(double) E | Var | Constants

No No extendedextended--formatsformats, , onlyonly thethe toto--thethe--nearestnearest roundingrounding mode, mode, nono exception, exception, nono NaNsNaNs

DecompositionDecomposition preservespreserves thethe orderorder ofof evaluationevaluation

TemporaryTemporary resultsresults are are storedstored in in knownknown formats formats ((requiresrequires to set to set upup specificspecific options options whenwhen compilingcompiling) )

Page 6: Symbolic Execution of Floating-Point Computationspeople.rennes.inria.fr/Arnaud.Gotlieb/publications/... · 1 Nantes -- 24 Novembre 2005 11 Symbolic Execution of Floating-Point Computations

6

1111Nantes Nantes ---- 24 Novembre 200524 Novembre 2005

OutlineOutline

IEEEIEEE--754 754 andand restrictionsrestrictions

Simple Simple SymbolicSymbolic ExecutionExecution

SolvingSolving pathpath conditions conditions overover thethe floatsfloats

CurrentCurrent implementationimplementation FPSEFPSE

FurtherFurther workwork

1212Nantes Nantes ---- 24 Novembre 200524 Novembre 2005

Simple Symbolic Execution [Clarke 76]

Notations :Notations : Control Flow Graph Control Flow Graph ((N,A,e,sN,A,e,s))

XX vector of symbolic input vector of symbolic input

Definition (Definition (Symbolic StateSymbolic State) :) :(Path, State, PC) (Path, State, PC) wherewhere

Path = Path = nnii .... nnjj is a (partial) path of the CFGis a (partial) path of the CFGState State = = {<v,{<v,ϕϕ>}>}vv∈∈Var(PVar(P) ) ϕϕ is an algebraic is an algebraic exprexpr. over . over XXPCPC = = cc11,...,,...,ccnn a finite conjunction of conditions a finite conjunction of conditions

overover XX and temporary assignmentsand temporary assignments

Page 7: Symbolic Execution of Floating-Point Computationspeople.rennes.inria.fr/Arnaud.Gotlieb/publications/... · 1 Nantes -- 24 Novembre 2005 11 Symbolic Execution of Floating-Point Computations

7

1313Nantes Nantes ---- 24 Novembre 200524 Novembre 2005

Symbolic state : features

((Path,State,PCPath,State,PC)) is computed either by a forwardor a backward analysis over the vertex of Path

Let Let SSPCPC be the solution-set of PCPCthen ∀∀XX∈∈SSPCPC,, PathPath is activated by is activated by XX

WhenWhen SSPCPC==∅∅ thenthen PathPath is nonis non--feasible feasible

However, finding all the nonHowever, finding all the non--feasible paths is a feasible paths is a classical classical undecidableundecidable problem problem [Weyuker 79]

1414Nantes Nantes ---- 24 Novembre 200524 Novembre 2005

((PathPath,,StateState,,PCPC)) : examples: examples

(1,{<x,X>,<y,1.0e12>,<z,⊥>},true)

(1 2 3, {<x,X>,<y,1.0e12>,<z,X add 1.0e12>},X < 10000.0 )

(1 2 3 4, {<x,X>,<y,1.0e12>,<z,X add 1.0e12>},X<10000.0, T := X add 1.0e12, T > 1.0e12)

...

4

3

2

1

float foo( float x) {

float y = 1.0e12 ;

if( x < 10000.0 )

z = x + y;

if( z > y)

...

Page 8: Symbolic Execution of Floating-Point Computationspeople.rennes.inria.fr/Arnaud.Gotlieb/publications/... · 1 Nantes -- 24 Novembre 2005 11 Symbolic Execution of Floating-Point Computations

8

1515Nantes Nantes ---- 24 Novembre 200524 Novembre 2005

OutlineOutline

IEEEIEEE--754 754 andand restrictionsrestrictions

Simple Simple SymbolicSymbolic ExecutionExecution

SolvingSolving pathpath conditions conditions overover thethe floatsfloats

CurrentCurrent implementationimplementation FPSEFPSE

FurtherFurther workwork

1616Nantes Nantes ---- 24 Novembre 200524 Novembre 2005

IntervalInterval consistencyconsistency overover F F [C. Michel 02]

F_var x abstracted by an interval with FP bounds Ix

Interval propagation:

Decomposing expressions into arity-3 constraintst := x add y

[v := x+y+z] leads to v := t add z

Conservative over-estimation of the solution-set –Formally speaking, FP-2B(w)-consistency is achieved

Interval

arithmetic

Constraint

propagation

Relations over

intervals

Page 9: Symbolic Execution of Floating-Point Computationspeople.rennes.inria.fr/Arnaud.Gotlieb/publications/... · 1 Nantes -- 24 Novembre 2005 11 Symbolic Execution of Floating-Point Computations

9

1717Nantes Nantes ---- 24 Novembre 200524 Novembre 2005

ExistingExisting IP IP solverssolvers overover thethe realsreals- BNR-Prolog [Older Vellino 93]- Interlog [Botella Taillibert 93]

K_b_consistencies [Lhomme 93] Dynamic optimizations [Lhomme Gotlieb Rueher 96,98]

- Newton [Van Hentenryck Michel Benhamou 94]- Ilog Solver [Puget 94]- Prolog IV [Colmeraurer 94]- Numerica [Van Hentenryck 97]- ECLIPSE(IC) [Wallace ... 97]- Realpaver [Granvilliers 98]- ...

Interval Arithmetic over the reals:Ix = [a,b] and Iy = [c,d] thenIx+y = [down( a+c ), up( b+d )] Ix-y = [down( a-d ), up( b-c) ]

1818Nantes Nantes ---- 24 Novembre 200524 Novembre 2005

Our Our approachapproach: : floatingfloating--pointpoint projectionsprojections

Direct and indirect projections for the assignment:proj(r, r:= a add b) (direct)

[r := a add b] leads to proj(a, r:= a add b) (1st indirect)proj(b,r := a add b) (2nd indirect)

Direct projections (over numeric fp numbers):If Ir = [rl,rh], Ia = [al,ah] and Ib = [bl,bh] then

[r := a add b] [rl’,rh’] [al add bl, ah add bh] ∩ [rl,rh][r := a subs b] [rl’,rh’] [al subs bh, ah subs bl] ∩ [rl,rh]...

Recall that [x add y] denotes near(x + y)

Page 10: Symbolic Execution of Floating-Point Computationspeople.rennes.inria.fr/Arnaud.Gotlieb/publications/... · 1 Nantes -- 24 Novembre 2005 11 Symbolic Execution of Floating-Point Computations

10

Nantes Nantes ---- 24 Novembre 200524 Novembre 2005 1919

bl

bh

rl’ max(al add bl, rl)

rh’ min(ah add bh, rh)

al

ah

rh

rl

Ex: Direct projection [r := a add b]

impossible

Monotony of rounding :r1 ≤ r2 ⇒ near(r1) ≤ near(r2)

impossible

2020Nantes Nantes ---- 24 Novembre 200524 Novembre 2005

More complex : indirect projectionsIf Ir = [rl,rh], Ia = [al,ah] and Ib = [bl,bh] then

1st indirect projection of [r := a add b]

[al’,ah’] [mid(rl,rl-) subs bh, mid(rh,rh

+) subs bl] ∩ [al,ah]

1st indirect projection of [r := a subs b]

[al’,ah’] [mid(rl,rl-) add bl, mid(rh,rh

+) add bh] ∩ [al,ah]

2nd indirect projection of [r := a subs b]

[bl’,bh’] [al subs mid(rh,rh+), ah subs mid(rl,rl

-)] ∩ [bl,bh]

Page 11: Symbolic Execution of Floating-Point Computationspeople.rennes.inria.fr/Arnaud.Gotlieb/publications/... · 1 Nantes -- 24 Novembre 2005 11 Symbolic Execution of Floating-Point Computations

11

Nantes Nantes ---- 24 Novembre 200524 Novembre 2005 2121

rl-

rh+

rl

rh

bl

bhah’ min(mid(rh,rh

+) subs bl,ah)

al’ max(mid(rl, rl

-) subs bh, al)

al

ah

Ex: 1st indirect projection [r := a add b]

Impossible, as operationsare correctly rounded

not optimal ! but computable with to-the-nearest

Impossible

2222Nantes Nantes ---- 24 Novembre 200524 Novembre 2005

Handling comparisons and conversionsComparisons (1st proj) :[al’,ah’] [max(al,bl), min(ah,bh)] when [a==b]

[al’,ah’] [max(al,bl)+, ah] when [a > b]

[al’,ah’] [if(al=bl=bh) then al+ else al,

if(ah=bl=bh) then ah- else ah] when [a!=b]

Floating-point conversions:when [ r := (float)a ]

[rl’,rh’] [maxf((float)al,rl), minf((float)ah,rh)] (direct proj.)

[al’,ah’] [maxd(al,mid(rl,rl-)), mind(ah,mid(rh,rh

+))] (indirect)

Page 12: Symbolic Execution of Floating-Point Computationspeople.rennes.inria.fr/Arnaud.Gotlieb/publications/... · 1 Nantes -- 24 Novembre 2005 11 Symbolic Execution of Floating-Point Computations

12

2323Nantes Nantes ---- 24 Novembre 200524 Novembre 2005

Handling zeros and infinitiesFirst isolate the singular bounds and then compute withan extended arithmetic defined by specific tables:

values of a in 1st indirect projection of [r := a add b]

NvNv,+INF,,+INF,±±0.00.0----------------+INF+INF

NvNv,+INF,+INFNvNv,,±±0.00.0NvNv,,±±0.00.0----NvNv,,--INFINFNvNv

+INF+INFNvNv±±0.00.0------INFINF+0.0+0.0

+INF+INFNvNv+0.0+0.0--0.00.0--INFINF--0.00.0

----------------NvNv, ,

--INF,INF,±±0.00.0--INFINF

+INF+INFNvNv+0.0+0.0--0.00.0--INFINFbb \\ rr

NaNs (for example INF – INF) are currently not handled (Prolog’s fail as result

2424Nantes Nantes ---- 24 Novembre 200524 Novembre 2005

OutlineOutline

IEEEIEEE--754 754 andand restrictionsrestrictions

Simple Simple SymbolicSymbolic ExecutionExecution

SolvingSolving pathpath conditions conditions overover thethe floatsfloats

CurrentCurrent implementationimplementation: FPSE: FPSE

FurtherFurther workwork

Page 13: Symbolic Execution of Floating-Point Computationspeople.rennes.inria.fr/Arnaud.Gotlieb/publications/... · 1 Nantes -- 24 Novembre 2005 11 Symbolic Execution of Floating-Point Computations

13

2525Nantes Nantes ---- 24 Novembre 200524 Novembre 2005

FPSE: Floating-Point Symbolic Execution

- Implemented as part as the INKA toolB. Botella : full design and first implementationMe : constraint propagation engine and improvments

on fp projection functions

- Handles C computations for gcc/solaris/sparcand visual/xp/intel (unsound w.r.t. the stack of 80-bits registers)

- Written in SICStus Prolog (constraint propagation engine)and C (floating-point projection functions)

- Integrated with a collaborative integer constraint solver(SICStus clpfd library)

2626Nantes Nantes ---- 24 Novembre 200524 Novembre 2005

A straightforward collaboration principleSynchronous trigger mechanism between FPSE and clpfdCommunicates through alarms (fd_global mechanism) whenint-to-float or float-to-int conversion constraints are encountered

I (long) X

FPSE clpfd

alarm(dom(J) is pruned)AwakeY (float) J

tell( I in minFD(X)..maxFD(X))

tell( Y in minFP(J)..maxFP(J))

Page 14: Symbolic Execution of Floating-Point Computationspeople.rennes.inria.fr/Arnaud.Gotlieb/publications/... · 1 Nantes -- 24 Novembre 2005 11 Symbolic Execution of Floating-Point Computations

14

2727Nantes Nantes ---- 24 Novembre 200524 Novembre 2005

/* double-error.c */

int main () {

double x;

float y,z,r;

x=1125899973951488.0;

y = x + 1;

z = x - 1;

r = y - z;

printf("%f\n", r);

}

%134217728.000000

test24 :-

solveur:init_env(E),

flottant:news([Y,Z,R],float(32),['y','z','r'],E),

flottant:news([X,C,T1,T2],double(64),['x','c','t1','t2'],E),

flottant:affect(const('1125899973951488.0'),X),

flottant:affect(const('1.0'),C),

flottant:affect('+',X,C,T1),

flottant:affect(conv(double(64),float(32)),T1,Y),

flottant:affect('-',X,C,T2),

flottant:affect(conv(double(64),float(32)),T2,Z),

flottant:affect('-',Y,Z,R),

solveur:solve(E),

flottant:fprint([R]).

| ?- test24.

double(64):r in 1.342177280000000000e+08 .. 1.342177280000000000e+08

An example (extracted from www.astree.ens.fr/)

2828Nantes Nantes ---- 24 Novembre 200524 Novembre 2005

SelectedSelected experimentalexperimental resultsresults ((gccgcc//solarissolaris//sparcsparc))

single: +0.0single: +0.0double: 1.000000000001edouble: 1.000000000001e--4040

clprclpr: +0.0, : +0.0, clpq: +10-40

ic: [9.99999e-41, 1.0000000e-40]single: +0.0single: +0.0double: 1.000000000001edouble: 1.000000000001e--4040

power.c (X=10, Y = -40)84 constraints

single: +0.0single: +0.0double: +0.0double: +0.0

clprclpr: +0.0, : +0.0, clpq: +10-350

ic: [-4.94065645841247e-324, +4.94065645841247e-324]

single: +0.0single: +0.0double: +0.0double: +0.0

power.c (X=10, Y = -350)704 constraints

infeasibleinfeasible

single:single:[1.4012984643248171e[1.4012984643248171e--45, 45, 3.2767998046875000e+04] 3.2767998046875000e+04] double:double:[4.9406564584124654e[4.9406564584124654e--324, 324, 6.1035156250000000e6.1035156250000000e--05]05]

single: single: infeasibleinfeasible pathpath

double: [6.103edouble: [6.103e--5, 9.999e3]5, 9.999e3]

single:single:2.28598356246948242.2859835624694824double:double:2.28598360655737702.2859836065573770

single: single: --1.000000003e1.000000003e--3030

double: double: --1.0e1.0e--3030

Expected results EclipseEclipse

infeasibleinfeasibleclprclpr,,clpqclpq: : infeasibleinfeasibleicic: : infeasibleinfeasible

[Howden 82]T1=A*B,X1=T1+2,X1>100,X2=100-X1,X3=X2-50,X3 > 50.

single:[1.4012984643248171e[1.4012984643248171e--45,45,3.2768000000000000e+04] double:[4.9406564584124654e[4.9406564584124654e--324,324,6.1035156250000000e-05]

clpr,clpq : infeasible

ic: infeasible

X > 0, T1 = X + 1.0e12, T1 == 1.e12

single: single: infeasibleinfeasible pathpath

double: [6.103edouble: [6.103e--5, 9.999e3]5, 9.999e3]

clpr: (-0.0, 10000.0)clpqclpq: (0, 10000): (0, 10000)ic: [0.0, 10000.0]

X < 1.0e4,T1= X +1.0e12, T1 >1.0e12

single:[2.2859833240509033, 2.2859835624694824]2.2859835624694824]

double: [2.2859836065573766,2.2859836065573770]2.2859836065573770]

clpr: 2.2859836065573771clpq :27889/12200=2.285...ic: [2.2859836065573766,

2.2859839065573771]

[Goldberg 91]D == B2 - 4ACA:=1.22 , B=3.34, D=+0.0

single: single: --1.000000003e1.000000003e--3030

double: double: --1.0e1.0e--3030

clpr: +0.0, clpq: +10-30

icic: [: [--1.0e1.0e--3030, 140737488355328]

[Goldberg 91]2.0e-30 + 1.0e30 -1.0e30 -1.0e-30

FPSEFPSEProgramsPrograms

Page 15: Symbolic Execution of Floating-Point Computationspeople.rennes.inria.fr/Arnaud.Gotlieb/publications/... · 1 Nantes -- 24 Novembre 2005 11 Symbolic Execution of Floating-Point Computations

15

2929Nantes Nantes ---- 24 Novembre 200524 Novembre 2005

ProblemsProblems: : weaknessweakness ofof fp_constraintsfp_constraints to to prune prune thethe domainsdomains

test12(T) :-

solveur:init_env(E),

flottant:news([X,Y,X1,X2,Y1,T1,C1],T,_,E),

entier:new(R,int(32),'r',E),

flottant:affect('>',X,Y,R),

flottant:affect('+',X,Y,X1),

flottant:affect('-',X1,Y,Y1),

flottant:affect('-',X1,Y1,X2),

flottant:affect('-',X2,Y1,T1),

flottant:affect(const('0.0'),C1),

flottant:affect('>',T1,C1,R), R = 1,

solveur:solve(E),

flottant:fprint([X,Y]).

| ?- test12(float(32)).

float(32):x in -3.402823466385288598e+38 .. Inf

float(32):y in -Inf .. 3.402823466385288598e+38

int f(float x,float y)

if(x > y) {

x = x+y;

y = x-y;

x = x-y; }

if(x - y > 0)

...

exampleexample adaptedadapted fromfrom[KPV TACAS[KPV TACAS’’03] :03] :

3030Nantes Nantes ---- 24 Novembre 200524 Novembre 2005

OutlineOutline

IEEEIEEE--754 754 andand restrictionsrestrictions

Simple Simple SymbolicSymbolic ExecutionExecution

SolvingSolving pathpath conditions conditions overover thethe floatsfloats

CurrentCurrent implementationimplementation: FPSE: FPSE

FurtherFurther workwork

Page 16: Symbolic Execution of Floating-Point Computationspeople.rennes.inria.fr/Arnaud.Gotlieb/publications/... · 1 Nantes -- 24 Novembre 2005 11 Symbolic Execution of Floating-Point Computations

16

3131Nantes Nantes ---- 24 Novembre 200524 Novembre 2005

SummarySummary andand furtherfurther workworkContribution: New results to solve accurately path conditions

over floating-point computations- Symbolic values- Comparisons and conversions

An implementation : FPSE Application: Structural test data generation

Extensions: NaNs

Transcendental functions (sqrt,sin,exp, ...)

Problems: Improving the pruning capacity of projection functions

Labelling process (heuristics)

3232Nantes Nantes ---- 24 Novembre 200524 Novembre 2005

TheThe FloatsFloats......

...source ...source ofof inspiration ?inspiration ?1. B. Botella, A. Gotlieb, C. Michel

«Symbolic execution of floating-point computations»

Software Testing and Verification Journal, to appear in 2006

2. B. Botella, A. Gotlieb

«Documentation of a floating-point interval constraint solver » -- V3F Internal report

Page 17: Symbolic Execution of Floating-Point Computationspeople.rennes.inria.fr/Arnaud.Gotlieb/publications/... · 1 Nantes -- 24 Novembre 2005 11 Symbolic Execution of Floating-Point Computations

17

3333Nantes Nantes ---- 24 Novembre 200524 Novembre 2005

Playing with FPLIB: a first experienceObjectives:

- β-testing of FPLIB

- comparing the results of FPLIB with those of FPSE (when appropriate !)

Results:- better understanding of implementation choices- five bugs detected in FPLIB, one bug in FPSE- five deliveries of FPLIB: Thanks to Claude !

But, experimental comparison still in progress

3434Nantes Nantes ---- 24 Novembre 200524 Novembre 2005

noSicstus clp(fd)Collaboration withother solvers

yes – C syntaxnoAutomaticdecomposition

sqrt, fabs, exp, log, sin, cos, tan, asin, acos, atan, cbrt, ..

noFunctions

+, -, *, /, ==, !=, <, =<,..float-double-extended conv

+, -, *, /, ==, !=, <, =<,.. int-float + float-double conv

Operators

2 (static) C++ librariesSicstus Prolog, CLanguage

to zero, to +∞, to -∞, to the nearestto the nearestRoundingsingle, double, long doublesingle, doubleFormats

GCC / Linux / IntelGCC / Solaris / Sparc(+ Visual / XP / Intel)

Target

Claude Michel (Coprin)Bernard Botella (Thales) andArnaud Gotlieb (IRISA)

AuthorsFPLIBFPSE

Page 18: Symbolic Execution of Floating-Point Computationspeople.rennes.inria.fr/Arnaud.Gotlieb/publications/... · 1 Nantes -- 24 Novembre 2005 11 Symbolic Execution of Floating-Point Computations

18

3535Nantes Nantes ---- 24 Novembre 200524 Novembre 2005

In FPSE:test27 :-

solveur:init_env(E),flottant:news([A,B,C,EXP,TMP],

float(32), ['a','b','c','exp','tmp'],E),flottant:affect(const('1.0e12'), A),flottant:affect(const('32000.0'), B),flottant:affect(const('32000.0'), C),flottant:affect('+',A,B, TMP),flottant:affect('+',TMP,C, EXP),solveur:solve(E),flottant:affiche(EXP).

?- test27. /* on sun4u sparc SUNW,Ultra-250 */

float(32):exp in 9.999999959040000000e+11 .. 9.999999959040000000e+11

FPSE and FPLIB with automatic decomposition are incomparable[ exp := 1.0e12f + 32000.0f + 32000.0f with to-the-nearest rounding mode]

In FPLIB:

int main(void) {int nbsols = 0; Fpc_Csp CSP;Fpc_Variable a(CSP, "a", FPC_FLOAT);...

Fpc_Model model(CSP);model.add(a = 1.0e12);model.add(b = 32000.0);model.add(c = 32000.0);model.add(exp = a + b + c);model.extract();Fpc_Solver solver(model);if( ! solver.TwoB(0.0) ) printf("pas de solution !\n");for (int i = 0; i < CSP.variables.size(); i++) {

CSP.variables[i]->display(); printf("\n"); } }

% make P=deco ; deco /* Linux pal.irisa.fr 2.6.10-1.12_FC2smp # i686 i686 i386 GNU/Linux

exp = [ 1.000000061440000000e+12, 1.000000061440000000e+12]f

Nantes Nantes ---- 24 Novembre 200524 Novembre 2005 3636

bl

bh

al

ah

rh

rl

direct projection of a basic operation[r := a add b]

FPSE modelsonly the to-the-nearest mode

FPLIB with SetRoundDown()

FPLIB with SetRoundNear()

Page 19: Symbolic Execution of Floating-Point Computationspeople.rennes.inria.fr/Arnaud.Gotlieb/publications/... · 1 Nantes -- 24 Novembre 2005 11 Symbolic Execution of Floating-Point Computations

19

Nantes Nantes ---- 24 Novembre 200524 Novembre 2005 3737

rl-

rh+

rl

rh

bl

bh

al

ah

inverse projection of a basic operation[r := a add b]

FPSE

al’ max( mid(rl, rl-) subs bh, al)

FPLIB al’ max( θ+( rl- - bh), al) [over the long double]

where :θ+( x) = x+ if x is a float

= θ+∞( x) otherwise

Nantes Nantes ---- 24 Novembre 200524 Novembre 2005 3838

rl-

rh+

rl

rh

bl

bh

al

ah

inverse projection of a basic operation[r := a add b]

FPSE

al’ max( mid(rl, rl-) subs bh, al)

FPLIB

al’ max( θ+( rl- - bh), al) [over the long double]

where :θ+( x) = x+ if x is a float

= θ+∞( x) otherwise

Page 20: Symbolic Execution of Floating-Point Computationspeople.rennes.inria.fr/Arnaud.Gotlieb/publications/... · 1 Nantes -- 24 Novembre 2005 11 Symbolic Execution of Floating-Point Computations

20

3939Nantes Nantes ---- 24 Novembre 200524 Novembre 2005

VeryVery firstfirst experimentalexperimental comparisoncomparison

single:c [2.2859833240509033, 2.2859835624694824]

c = 2.2859833240509033with SetFloatPrecision();

c = 2.2859835624694824with SetLDoublePrecision(); ???

single:2.2859835624694824

[Goldberg 91][Goldberg 91]D == BD == B2 2 -- 4AC4ACA:=1.22f , B=3.34f, A:=1.22f , B=3.34f, D=+0.0fD=+0.0f

idemidemidemg1, g2, power9,...g1, g2, power9,...

single:[1.4012984643248171e-45,3.2768000000000000e+04] double:[4.9406564584124654e-324,6.1035156250000000e-05]

single:[1.4012984643248171e-45,3.2768000000000000e+04] double:[4.9406564584124654e-324,6.1035156250000000e-05]

single:[1.4012984643248171e-45, 3.2767998046875000e+04] double:[4.9406564584124654e-324, 6.1035156250000000e-05]

X > 0, X > 0, TT1 1 = X = X + + 1.0e12, 1.0e12, TT1 1 == 1.e12== 1.e12

nonoidemidemidemY = log X,Y = sin Y = log X,Y = sin X, ... X, ...

area6 = 1.9337656497955322

??

single: infeasible path

double: [6.103e-5, 9.999e3]

Expected results FPLIBFPLIB

??

??

area6 = 1.933765649795532227by using direct projection over a selected pathPi in [3.141592, 3.141593]4 solutions

traptrap computescomputes thethearea area ofof sin sin betweenbetween 0 0 andand PiPi38 38 constraintsconstraints

single: infeasible path

double: [6.103e-5, 9.999e3

single: infeasible path

double: [6.103e-5, 9.999e3

X < 1.0e4,X < 1.0e4,TT11= X = X ++1.0e12, 1.0e12, TT1 1 >1.0e12>1.0e12

FPSEFPSEProgramsPrograms

4040Nantes Nantes ---- 24 Novembre 200524 Novembre 2005

Summary

FPLIB :

+ - transcendentals

- automatic decomposition

- rounding mode / precision

- documentation

source code ?

Page 21: Symbolic Execution of Floating-Point Computationspeople.rennes.inria.fr/Arnaud.Gotlieb/publications/... · 1 Nantes -- 24 Novembre 2005 11 Symbolic Execution of Floating-Point Computations

21

4141Nantes Nantes ---- 24 Novembre 200524 Novembre 2005

ExampleExample : : y = log(x), x+y = 0y = log(x), x+y = 04 projection functions Ix’ Iexp(y) ∩ Ix

Iy’ Ilog(x) ∩ IyIx’ I-y ∩ IxIy’ I-x ∩ Iy

X∈ [-∞,+∞] Y∈ [-∞,+∞]

If there is a solution x, then x ∈ [0.56, 0.57]

Conservative over-estimation of the solution-set –Formally speaking, 2-b(w)-consistency is achieved

[0,+∞][-∞, 0]

[0.56, 0.57][-0.57, -0.56]

[0.56, 1][-1, -0.56]

[0, 1][-1, 0]

4242Nantes Nantes ---- 24 Novembre 200524 Novembre 2005

NotationsNotations

x

near(x)

a+

a-

a

mid(a,a+)